WSL2-Linux-Kernel/security
Casey Schaufler 6d9c939dbe procfs: add smack subdir to attrs
Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
likewise. Now /proc/.../attr/current will tell you the
security "context" of the process, but it will be different
depending on the security module you're using.

This patch provides a subdirectory in /proc/.../attr for
Smack. Smack user space can use the "current" file in
this subdirectory and never have to worry about getting
SELinux attributes by mistake. Programs that use the
old interface will continue to work (or fail, as the case
may be) as before.

The proposed S.A.R.A security module is dependent on
the mechanism to create its own attr subdirectory.

The original implementation is by Kees Cook.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
2019-01-08 13:18:44 -08:00
..
apparmor apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE 2019-01-08 13:18:43 -08:00
integrity Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-01-02 11:05:43 -08:00
keys KEYS: fix parsing invalid pkey info string 2019-01-01 13:13:19 -08:00
loadpin LoadPin: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
selinux selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE 2019-01-08 13:18:43 -08:00
smack LSM: Separate idea of "major" LSM from "exclusive" LSM 2019-01-08 13:18:43 -08:00
tomoyo LSM: Separate idea of "major" LSM from "exclusive" LSM 2019-01-08 13:18:43 -08:00
yama Yama: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
Kconfig Yama: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
commoncap.c capability: Initialize as LSM_ORDER_FIRST 2019-01-08 13:18:44 -08:00
device_cgroup.c docs: fix broken references with multiple hints 2018-06-15 18:10:01 -03:00
inode.c security: fs: make inode explicitly non-modular 2018-12-12 14:58:51 -08:00
lsm_audit.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c procfs: add smack subdir to attrs 2019-01-08 13:18:44 -08:00